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IN THE CLAIMS 

This listing of claims will replace all prior versions, and listings, of claims in the 
application: 

1 . (Currently Amended) An internet service provider {ISP) 
V i rtua l Pr i vat e N e twork (VPN) virtual private network network 
comprising: 

a plurality of edge routers; 

a plurality of core routers for allowing communication between sate the 
plurality of edge routers; 

a VPN virtual private network application in communication with a first one 
of sate the plurality of edge routers, said VPN the virtual private network 
application having a first IP internet protocol address; and 

a black-hole router in communication with sate the plurality of core routers^ 
wherein virtual private network traffic received by the black-hole router is black- 
holed , sate the black-hole router adapted to i nj e ct for injecting a second IP 
address into said I SP VPN the internet service provider virtual private network, 
sate the second IP internet protocol address comprising: 

a same IP internet protocol address as the first IP internet protocol 

address; 

a higher preference value than sate the first IP internet protocol 
address; and 

a community value such that when sate the second IP internet 
protocol address is injected, a selected first number of edge routers direct 
VPN virtual private network traffic addressed for sate the first IP internet 
protocol address to said VPN the virtual private network application and a 
selected second number of edge routers direct VPN virtual private network 
traffic addressed for sate the second IP internet protocol address to sate 
the black-hole router. 

2. (Currently Amended) The I SP VPN internet service provider virtual private 
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network of claim 1 , wherein said I SP VPN the internet service provider virtual 
private network is a Mult i protocol Lab el Switohing V i rtua l Pr i vat e N e twork (MPLS 
VP-N4 multiprotocol label switching virtual private network . 

3. (Currently Amended) The I SP VPN internet service provider virtual private 
network of claim 1 , wherein said the black-hole router injects sate the second JP- 
internet protocol address in response to a Distribut e d D e n i al of S e rv i c e (DDoS) 
distributed denial of service attack on sa i d VPN the virtual private network 
application. 

4. (Currently Amended) The ISP VPN internet service provider virtual private 
network of claim 1 , wherein sate the community value is changed in real-time by 
sate the black-hole router. 

5. (Currently Amended) The I SP VPN internet service provider virtual private 
network of claim 1 , wherein said I SP VPN the internet service provider virtual 
private network utilizes on e or mor e a plurality of dynamic routing protocols in 
combination with a community-based route filtering to propagate the injected 
second 4P- internet protocol address to sate the plurality of edge routers. 

6. (Currently Amended) The I SP VPN internet service provider virtual private 
network of claim 1 wherein when sate the selected second number of edge 
routers directs VPN virtual private network traffic, addressed for sate the first IP 
internet protocol address, to sate the black-hole router, sate the black-hole router 
is for receiving such VPN virtual private network traffic as black-holed-traffic, sate 
the black-hole router adapt e d to ana l yz e for analyzing sate the black-holed traffic 
in order to determine a ratio of attack traffic to legitimate traffic. 

7. (Currently Amended) The ISP VPN internet service provider virtual private 
network of claim 1 , further comprising at le ast on e a route reflector, e ach one of 
said at le ast one the route reflector being connected to a different set of edge 
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routers from said the plurality of edge routers, sa i d at loast ono the route reflector 
for updating said the plurality of edge routers with route instructions, such route 
instructions including said the injected second IP internet protocol address. 

8. (Currently Amended) An internet service provider (ISP) network 
comprising: 

a plurality of edge routers; 

an application in direct or indirect electrical communication with a first one 
of said the plurality of edge routers; 

said the application having a first IP internet protocol address such that 
V i rtua l Pr i vat e N e twork (VPN) virtual private network traffic addressed for said 
the first IP internet protocol address and entering said ISP the internet service 
provider network at any one of said the plurality of edge routers, is routed to said 
the application: 

a black-hole route r, wherein virtual private network traffic received bv the 
black-hole router is black-holed : and 

a router for injecting an instruction into said ISP the internet service 
provider network, such that on e or more a select edge rout e rs r e d i r e ct VPN 
router redirects virtual private network traffic, which is addressed to said the first 
IP internet protocol address, to said the black-hole router, wherein said the 
injected instruction comprises a routing instruction having a same IP internet 
protocol address as said the first IP internet protocol address, but with a higher 
preference value than said the first IP internet protocol address and having a 
community value. 

9. (Canceled) 

1 0. (Currently Amended) The ISP internet service provider network of claim 8, 
wherein sa i d I SP the internet service provider network is a Mu l tiprotocol Lab el 
Switch i ng (MPLS) VPN multiprotocol label switching virtual private network. 
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1 1 . {Currently Amended) The ISP internet service provider network of claim 8, 
wherein sa& the router and sala" the black-hole router are the same device. 

12. (Currently Amended) The ISP internet service provider network of claim 8, 
wherein said the injected instruction is a Border Gat e way Protocol (SGP) border 
gateway protocol routing instruction. 

1 3. (Currently Amended) The ISP internet service provider network of claim 8, 
wherein said the black-hole router is for receiving redirected traffic from sa i d on e 
or mor e the select edge rout e rs router and to determine a ratio of attack VPN 
virtual private network traffic to legitimate VPN virtual private network traffic found 
in said the redirected traffic. 

14. (Currently Amended) The ISP internet service provider network of claim 8, 
wherein said the router injects said the instruction when said the application is 
experiencing a D i str i but e d D e nial of Serv i c e (DDoS) distributed denial of service 
attack. 

1 5. (Currently Amended) A method of managing a Distr i buted Denial of 
S e rvic e (DDoS) distributed denial of service attack on an application within an 
internet service provider {ISP) network, said the application having a first IP 
internet protocol address, said the method comprising: 

injecting a Bord e r Gat e way Protocol (BGP) border gateway protocol 
routing instruction into said I SP the internet service provider network when said 
DDoS the distributed denial of service attack is occurring, sa i d BGP the border 
gateway protocol routing instruction comprising a second4P internet protocol 
address having a same IP internet protocol address as said the first IP internet 
protocol address, but with a higher preference value than said the first IP internet 
protocol address and having a community value; 

redirecting, at on e or mor e a selected edge routers router . VPN virtual 
private network traffic addressed for said the second IP internet protocol address 
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to a black-hole route r, wherein the virtual private network traffic received by the 
black-hole router is black-hoied : and 

directing, at on e or mor e other another edge routers router . VPN virtual 
private network traffic addressed for sate the first IP internet protocol address to 
sate the application that is experiencing sa i d DDoS the distributed denial of 
service attack. 

16. (Currently Amended) The method of claim 1 5, wherein sa i d ISP the 
internet service provider network is a Multiprotoco l Labe l Sw i tch i ng (MPLS) VPN 
multiprotocol label switching virtual private network. 

17. (Currently Amended) The method of claim 15, further comprising: 
receiving, at sate the black-hole router, sate the redirected VPN 

virtual private network traffic; and 

determining an amount of attack traffic therein. 

18. (Currently Amended) The method of claim 15, further comprising changing, 
in real-time, a number of said on e or mor e selected edge routers that are 
redirected. 

1 9. (Currently Amended) The method of claim 1 5, wherein sate the injecting 
sa i d BGP the border gateway protocol routing instruction into sa i d I SP the 
internet service provider network is done by providing said BGP the border 
gateway protocol routing instruction to a route-reflector for disseminating sate 
BGP the border gateway protocol routing instruction to other route reflectors 
within sa i d I SP the internet service provider network. 
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